fixed DPD null state bug
This commit is contained in:
parent
ab6923f28c
commit
79b2729490
10
NEWS
10
NEWS
|
@ -5,6 +5,16 @@ strongswan-4.2.14
|
|||
relays EAP messages to and from a RADIUS server. Succesfully
|
||||
tested with with a freeradius server using EAP-MD5 and EAP-SIM.
|
||||
|
||||
- A vulnerability in the Dead Peer Detection (RFC 3706) code was found by
|
||||
Gerd v. Egidy <gerd.von.egidy@intra2net.com> of Intra2net AG affecting
|
||||
all Openswan and strongSwan releases. A malicious (or expired ISAKMP)
|
||||
R_U_THERE or R_U_THERE_ACK Dead Peer Detection packet can cause the
|
||||
pluto IKE daemon to crash and restart. No authentication or encryption
|
||||
is required to trigger this bug. One spoofed UDP packet can cause the
|
||||
pluto IKE daemon to restart and be unresponsive for a few seconds while
|
||||
restarting. This DPD null state vulnerability has been officially
|
||||
registered as CVE-2009-0790 and is fixed by this release.
|
||||
|
||||
- ASN.1 to time_t conversion caused a time wrap-around for
|
||||
dates after Jan 18 03:14:07 UTC 2038 on 32-bit platforms.
|
||||
As a workaround such dates are set to the maximum representable
|
||||
|
|
|
@ -5446,9 +5446,9 @@ dpd_inI_outR(struct state *st, struct isakmp_notification *const n, pb_stream *p
|
|||
time_t tm = now();
|
||||
u_int32_t seqno;
|
||||
|
||||
if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state))
|
||||
if (st == NULL || !IS_ISAKMP_SA_ESTABLISHED(st->st_state))
|
||||
{
|
||||
loglog(RC_LOG_SERIOUS, "DPD: Received R_U_THERE for unestablished ISKAMP SA");
|
||||
loglog(RC_LOG_SERIOUS, "DPD: Received R_U_THERE for unestablished ISAKMP SA");
|
||||
return STF_IGNORE;
|
||||
}
|
||||
if (n->isan_spisize != COOKIE_SIZE * 2 || pbs_left(pbs) < COOKIE_SIZE * 2)
|
||||
|
@ -5516,10 +5516,10 @@ dpd_inR(struct state *st, struct isakmp_notification *const n, pb_stream *pbs)
|
|||
{
|
||||
u_int32_t seqno;
|
||||
|
||||
if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state))
|
||||
if (st == NULL || !IS_ISAKMP_SA_ESTABLISHED(st->st_state))
|
||||
{
|
||||
loglog(RC_LOG_SERIOUS
|
||||
, "DPD: Received R_U_THERE_ACK for unestablished ISKAMP SA");
|
||||
, "DPD: Received R_U_THERE_ACK for unestablished ISAKMP SA");
|
||||
return STF_FAIL;
|
||||
}
|
||||
|
||||
|
|
|
@ -242,6 +242,7 @@ static struct vid_struct _vid_tab[] = {
|
|||
DEC_MD5_VID(STRONGSWAN_4_0_1, "strongSwan 4.0.1")
|
||||
DEC_MD5_VID(STRONGSWAN_4_0_0, "strongSwan 4.0.0")
|
||||
|
||||
DEC_MD5_VID(STRONGSWAN_2_8_8, "strongSwan 2.8.9")
|
||||
DEC_MD5_VID(STRONGSWAN_2_8_8, "strongSwan 2.8.8")
|
||||
DEC_MD5_VID(STRONGSWAN_2_8_7, "strongSwan 2.8.7")
|
||||
DEC_MD5_VID(STRONGSWAN_2_8_6, "strongSwan 2.8.6")
|
||||
|
|
|
@ -94,6 +94,7 @@ enum known_vendorid {
|
|||
VID_STRONGSWAN_2_8_6 = 72,
|
||||
VID_STRONGSWAN_2_8_7 = 73,
|
||||
VID_STRONGSWAN_2_8_8 = 74,
|
||||
VID_STRONGSWAN_2_8_9 = 75,
|
||||
|
||||
VID_STRONGSWAN_4_0_0 = 80,
|
||||
VID_STRONGSWAN_4_0_1 = 81,
|
||||
|
|
Loading…
Reference in New Issue